383d512f82313e22bd0ac97517b77f7179a3c77f5b39e5b2335013d2a2b0fafd | Triage

Sharing

General

Target

383d512f82313e22bd0ac97517b77f7179a3c77f5b39e5b2335013d2a2b0fafd
Size

100KB
Sample

241121-a6n4baxgml
MD5

d72a4038c6bbc827edbe1acad62037c4
SHA1

afd87e7be24df815bd2c0307f401517fb83cd2b4
SHA256

383d512f82313e22bd0ac97517b77f7179a3c77f5b39e5b2335013d2a2b0fafd
SHA512

4e6682861496180f95dbbb015cd2a4829727adff88de561396c09391fbe3c6e41302126b6b23818614c4efcfa0f7d8f0ed23a0b7bcbc4ec80028dc60c5a59138
SSDEEP

3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe3.html

Targets

- Target
  
  383d512f82313e22bd0ac97517b77f7179a3c77f5b39e5b2335013d2a2b0fafd
- Size
  
  100KB
- MD5
  
  d72a4038c6bbc827edbe1acad62037c4
- SHA1
  
  afd87e7be24df815bd2c0307f401517fb83cd2b4
- SHA256
  
  383d512f82313e22bd0ac97517b77f7179a3c77f5b39e5b2335013d2a2b0fafd
- SHA512
  
  4e6682861496180f95dbbb015cd2a4829727adff88de561396c09391fbe3c6e41302126b6b23818614c4efcfa0f7d8f0ed23a0b7bcbc4ec80028dc60c5a59138
- SSDEEP
  
  3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2